Investigating Applications of Runtime Attestation Driven Development

Supervisor(s): Hendrik Meyer zum Felde
Status: finished
Topic: Others
Author: Luis Gaspar Schröder
Submission: 2023-09-15
Type of Thesis: Bachelor's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

The increasing number of security attacks on software systems results in a need for methods to counteract these attacks. One possible method is the attestation of software systems. Attestation is a trust mechanism that verifies the integrity of information provided by a system and is used to detect security attacks. Previously known attestation methods only detect a few security attacks at a time.

This thesis considers the attestation concept of Runtime Attestation Driven Development (RADD). RADD attests software systems and is intended to detect a large variety of security attacks during runtime. RADD is distinguished by its combination of analyzing the memory used by a program and attesting it remotely during runtime.

This thesis evaluates which types of security attacks are attestable by RADD. In order to limit the number of security attacks considered, this thesis uses the established Top 10 ranking by the OWASP Foundation. For the security attacks not detected by RADD, methods from other scientific work are discussed with regard to how they can be used to extend RADD. RADD has the technical requirement that the program data stored on the call stack must conform to a predefined order. Since no concept exists for this requirement, this thesis introduces a new programming style.

The results of this thesis show that RADD can attest 7 of the 10 considered security attacks. By extending RADD with the 3 introduced methods, all 10 security attacks can be attested. Finally, a programming style is introduced that satisfies the requirements of RADD.